We often want to send messages that are both (a) encrypted, so passive attackers can't discover the plaintext of the message, and (b) signed with a private-key digital signature, so active attackers ...

Using the terminology of the ECDSA wikipedia page, ECDSA (and DSA) signatures require a random k value for each signature which ensures that the signature is different each time even if the message ...

For the purposes of signing and verifying signatures, what is the value of the hash function?
Why would it matter if SHA1 is later determined to be easy to break? Since a Public/Private key process ...

I desire an algorithm in which Alice sends a block of data $X$ to Bob, with proof that the data was both sent and received. Ideally this would take the form of a public-key signature of the block $X$ ...

I'm looking for a scheme where signing may be costly (slow) but batch verification with different signers is the fastest possible.
Modified ECDSA allows batch verification for different signers with ...

I reference object in some of my code in hashes. The signature is itself is another object separate from the one I am signing (for obvious reason). I consider simpler to simply sign the reference to ...

Given a message $M$ and a signature $S$, is it feasible to find a RSA public key $(n,e)$ such that $S$ verifies as a valid signature on $M$ (using this public key)?
What if we're given one public key ...

In the Bernstein et al. paper about EdDSA, the authors claim EdDSA is resilient against collisions (i.e. it can still be secure even if the hash function used isn't collision-resistant), drawing on a ...

Does there currently exist a free online service that accepts a file, hashes it, takes an authoritatively chosen timestamp (from one or more time services), signs these and sends this signed message ...

I am attempting to determine the strength of an incorrectly implemented 1024 bit RSA signature scheme. The weakness in the implementation is that the padding data lacks random numbers. As a result, ...

You put an input and the hash value comes as an output then when someone puts the input the hash function it is applied to see if it is the same hash original value is stored in some database , that ...

I have a few questions relating to threshold signatures: a scheme where $n$ participants hold a key share and any $t$ of them can conduct a protocol using their shares that results in a valid RSA or ...

I'd like to get an overview of how the signatures with message recovery work, especially in case EMV and other smart card systems. Is there a nice overview available without being required to read the ...

I understand why randomness has to be employed in encryption, because deterministic ciphers are not IND-CPA. I don't understand why digital signature schemes that employ randomness, like RSA-PSS, are ...

This question is a variant on Given a message and signature, find a public key that makes the signature valid, which discusses the analogous question for RSA. It was suggested to me by this post over ...

Does anybody know an efficient mechanism to prove the possession of a digital signature (e.g. RSA) on a certain attribute (message) in zero-knowledge? That is, without revealing the actual signature ...

It seems to be possible to retrieve the (public) key used for creating an ECDSA signature just from the signature alone.
This seems like an interesting property; as far as I know, RSA doesn't share ...